Embed Size (px)
Citation preview
Department of Homeland Security
US-VISIT Faces Challenges in Identifying and Reporting Multiple Biographic Identities
(Redacted)
OIG-12-111 August 2012
MEMORANDUM FOR
August 13 2012
Robert A Mocny Director US-VISIT
FROM Frank Deffer Assistant Inspector General Information Technology Audits
SUBJECT Letter Report US-VISIT Faces Challenges in Identifying and Reporting Multiple Biographic Identities
Attached for your information is our final letter report US-VISIT Faces Challenges in Identifying and Reporting Multiple Biographic Identities We incorporated the formal comments from the National Protection and Programs Directorate in the final report
The report contains two recommendations aimed at improving US-VISIT Your office concurred with both recommendations As prescribed by the Department of Homeland Security Directive 077-1 Follow-Up and Resolutions for the Office of Inspector General Report Recommendations within 90 days of the date of this memorandum please provide our office with a written response that includes your 1) agreement or disagreement 2) corrective action plan and 3) target completion date for each recommendation Also please include responsible parties and any other supporting documentation necessary to inform us about the current status of the recommendation Until your response is received and evaluated the recommendations will be considered open and unresolved
Consistent with our responsibility under the Inspector General Act we are providing copies of our report to appropriate congressional committees with oversight and appropriation responsibility over the Department of Homeland Security We will post the report on our website for public dissemination
Major contributors to this report are John Kelly Acting Deputy Assistant Inspector General Tuyet-Quan Thai Regional Director Scott Wrightson Audit Manager and Josh Wilshere Forensic Auditor
Please call me with any questions or your staff may contact Quan Thai Regional Director at 425-582-7861
Attachment
Background
US-VISIT is a program administered by the Department of Homeland Securityrsquos (DHSrsquos) National Protection amp Programs Directorate (NPPD) US-VISITrsquos goals are to enhance the security of US citizens and visitors facilitate legitimate travel and trade ensure the integrity of the US immigration system and protect the privacy of visitors To achieve these goals the program processes and maintains biographic and biometric information collected by other Federal entities such as the State Department and US Customs and Border Protection (CBP)1 US-VISIT also shares information on the entry and departure of foreign visitors who pass through US ports of entry US-VISIT processes biometric information such as fingerprints and photographs that along with other biographic and biometric information that it shares with other Federal entities can be used to verify foreign nationalsrsquo identities authenticate travel documents and determine the admissibility of visitors immigrants and refugees The biometric identification services that US-VISIT provides are designed to help decision makers throughout the immigration border management law enforcement and intelligence communities to accurately identify the people they encounter and determine whether those people pose a risk to the United States
As the repository of biometric and biographic data US-VISIT interfaces with numerous other Federal systems including the following
Advance Passenger Information System Arrival Departure Information System Automated Biometric Identification System Computer Linked Application Information Management Systems Consular Consolidated Database Image Storage and Retrieval System Integrated Automated Fingerprint Identification System Student and Exchange Visitor Information System DHSCBP-011 TECS
These systems provide biometric and biographic information to US-VISIT for foreign visitors visa applicants and certain criminals US-VISIT personnel can then analyze this information and share it with other Federal State and local entities
1 Biographic information may include a personrsquos name and date of birth Biometric information may include a personrsquos fingerprint image or photograph collected at a port of entry
According to the US-VISIT program office for each encounter (ie each time an international traveler passes through a US port of entry) US-VISIT checks the personrsquos biometrics against a biometric watch list of more than 64 million known or suspected terrorists criminals and immigration violators identified by US authorities and Interpol When a foreign visitor presents an identification document US-VISIT can check the personrsquos biometrics against other files that could be accessed to ensure that the document belongs to the person presenting it and not to someone else Finally other Federal law enforcement and Intelligence Community organizations can request that US-VISIT provide biographic and biometric information in the course of their investigations andor research
Results of Review
US-VISIT faces challenges in systematically identifying and flagging potential use of fraudulent biographic identities Our analysis of Automated Biometric Identification System (IDENT) data found 825000 instances where the same fingerprints were associated with different biographic data2 These differences ranged from misspelled names and transposed birth dates to completely different names and birth dates According to US-VISIT officials US-VISIT has instituted programs to identify individuals who may have overstayed the condition of their visas and has performed manual procedures to analyze entry and exit data to associate fingerprints with biographic information However US-VISIT has not developed
This information may assist CBP officers in identifying aliens using potentially fraudulent information at ports of entry
Although most of the hundreds of thousands of discrepant records involve data integrity errors likely occurring at the point of collection we found instances where individuals may have supplied different names and dates of birth at ports of entry In some cases we found that individuals used different biographic identities at a port of entry after they had applied for a visa under a different name or been identified as a recidivist alien
2 The 825000 records represent 02 percent of overall IDENT encounter data we received from US-VISIT Although this is a very small percentage of the total records the volume of records makes it significant 3 Other controls during the entry process may help to mitigate some risk of biographic identity fraud For example during the biovisa application process for people from countries who are required to have visas to enter the United States State Department personnel are supposed to check a personrsquos fingerprints against all previous biographic records for that set of fingerprints to ensure that the person has not previously used a different set of biographic information to enter the United States
The ldquoData Quality Actrdquo4 or ldquoInformation Quality Actrdquo requires Federal agencies to use and disseminate accurate information Inaccurate and inconsistent information related to hundreds of thousands of individuals reduces the accuracy of US-VISIT data monitoring and impedes US-VISITrsquos ability to verify that individuals attempting to enter the United States are providing their true names and dates of birth
US-VISIT Needs to Improve Procedures That Specifically Target Individuals Using Multiple Biographic Identities To Enter the United States
US-VISIT has to determine if individuals are using multiple
biographic identities when attempting to enter the United States We found evidence that IDENT data contain entry records for hundreds of thousands of individuals whose biographic data were different than their biometrics (ie individuals with the same fingerprints had different names andor dates of birth recorded for different encounters) Given that there are hundreds of millions of biometric records in IDENT if US-VISIT
US-VISIT offers decision makers limited assistance
US-VISIT officials said that US-VISIT regularly compares visa information against entry and departure data to identify individuals who have overstayed their immigrant or visitor visas It regularly provides overstay information to Immigrations and Customs Enforcement (ICE) to help identify and apprehend overstays US-VISIT also has established overstay outlooks so CBP officers and Department of State personnel can be warned of potential overstays seeking reentry to the United States This process replaced a system where individuals overstaying the terms of their admission to the United States were identified only on an ad hoc basis as part of contact they had with law enforcement In fiscal year 2011 US-VISIT provided ICE with more than 900 visas overstay leads per week
US-VISIT also has an identity resolution process to manually review instances where differences in biographic datamdashfor the same sets of biometricsmdashcan be attributable to input and other data errors To achieve this objective US-VISIT analysts may determine whether records with slightly different biographic information belong to a single individual or may have been incorrectly inputted at the point of collection Analysts then update the system to reflect that decision For example US-VISIT analysts may view several biographic records associated with the same fingerprint information and
4 Treasury and General Government Appropriations Act for Fiscal Year 2001 (Public Law 106-554) P L 106-554 sect 515 114 Stat 2763A- 153 to 2763A-154 (2000) (44 USC sect 3516 note) The law is referred to as the Data Quality Act or alternatively the Information Quality Act
determine that one of the biographic records contains a typographical error These analysts will then resolve the records in the system as a single individual or multiple individuals Through this process US-VISIT works to refine the reliability of the data it uses and provides to other Federal agencies
However US-VISITrsquos current identity resolution effort is not designed to specifically target individuals who are using multiple identities to enter the United States US-VISIT program officials informed us that most of the additional research they perform is based on identity resolution of people who appear to be the same but have different information recorded in US-VISIT data5 According to US-VISIT officials US-VISIT manually reviews IDENT encounters with multiple biographic records to identify potential identity fraud However US-VISIT did not provide evidence to document that it has determined whether all unresolved discrepanciesmdasharising when distinctly different biographical information share the same set of fingerprintsmdashindicate that fraud may have occurred
Data Inconsistencies Hinder Effective Use of Biometrics to Identify and Prevent Use of Fraudulent Identities at US Ports of Entry
The number of records with inconsistent biographic data limits the effectiveness and efficiency of using biometrics to identify and prevent the use of fraudulent identities at US ports of entry The Data Quality Act requires that information disseminated by agencies have maximum quality and integrity However we found numerous data integrity errors in IDENT These errors require US-VISIT to conduct an extensive manual reconciliation process of biographic information belonging to the same individuals This process limits US-VISITrsquos ability to quickly identify instances where multiple biographic data are attributable to fraud rather than data entry errors Our work identified examples where individuals may have attempted to enter the country using different names and birth dates sometimes after having been flagged within IDENT as having derogatory information These examples emphasize the need to provide CBP officers at ports of entry and State Department personnel with information to properly vet individuals before allowing them to enter the United States
5 Since 2005 US-VISIT has identified two instances of biographic fraud and referred them to ICE for further evaluation
US-VISIT Data Contain Hundreds of Thousands of Records With Inconsistent Biographic Information
We found about 825000 records in IDENT belonging to 375000 individuals where key biographic data such as the name andor date of birth did not match other records with the same fingerprint identification number (FIN) 6 These 375000 individuals had more than 47 million nonenforcement7 records in IDENT data including encounters at ports of entry applications for visas and visa extensions More than 4 million (85 percent) were encounters at ports of entry Enforcement data present another significant challenge since they rely heavily on biographic data
Data Entry Errors and Test Data Pose a Challenge to Effective Analysis of US-VISIT Biometric Data
Most of the erroneous records where multiple biographic identities were associated with the same biometrics appear to be data integrity errors Specifically we found that the biographical data that US-VISIT provided from its production environment contained test data submitted by other Federal and law enforcement agencies that are linked to specific FINs We also found inconsistencies in recording last and first names in the birth date format used and in gender-based records as well as other conditions Without ensuring data consistency and identifying instances where different names arise from the use of different biographic identities US-VISIT may be unable to provide timely information that can prevent the use of fraudulent identities to enter the United States
The Data Quality Act requires Federal agencies to ensure and maximize the quality utility and integrity of the data they disseminate9 Further the Standards for Internal Control in the Federal Government10 which establishes minimal level of quality acceptable for internal control in government requires that transactions and events be
6 Biographic discrepancies can occur at the point of collection from inaccurate input by hand unsuccessful scan or swipe of a document or the accidental swap of a document with a traveling companion They can also occur from systems parsing biographic information differently from the same document 7 Nonenforcement records include encounters such as an individualrsquos visits to the United States or applications for a visa to enter the United States but do not include encounters such as contacts with US law enforcement related to immigration violations or criminal activity 8
9The Data Quality Act is operationalized in the Federal Information System Controls Audit Manual which states that the key data elements of an agencyrsquos transactions must be accurate and represent real transactions as opposed to test transactions 10GAOAIMD-00-2131 Standards for Internal Control in the Federal Government November 1999
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
MEMORANDUM FOR
August 13 2012
Robert A Mocny Director US-VISIT
FROM Frank Deffer Assistant Inspector General Information Technology Audits
SUBJECT Letter Report US-VISIT Faces Challenges in Identifying and Reporting Multiple Biographic Identities
Attached for your information is our final letter report US-VISIT Faces Challenges in Identifying and Reporting Multiple Biographic Identities We incorporated the formal comments from the National Protection and Programs Directorate in the final report
The report contains two recommendations aimed at improving US-VISIT Your office concurred with both recommendations As prescribed by the Department of Homeland Security Directive 077-1 Follow-Up and Resolutions for the Office of Inspector General Report Recommendations within 90 days of the date of this memorandum please provide our office with a written response that includes your 1) agreement or disagreement 2) corrective action plan and 3) target completion date for each recommendation Also please include responsible parties and any other supporting documentation necessary to inform us about the current status of the recommendation Until your response is received and evaluated the recommendations will be considered open and unresolved
Consistent with our responsibility under the Inspector General Act we are providing copies of our report to appropriate congressional committees with oversight and appropriation responsibility over the Department of Homeland Security We will post the report on our website for public dissemination
Major contributors to this report are John Kelly Acting Deputy Assistant Inspector General Tuyet-Quan Thai Regional Director Scott Wrightson Audit Manager and Josh Wilshere Forensic Auditor
Please call me with any questions or your staff may contact Quan Thai Regional Director at 425-582-7861
Attachment
Background
US-VISIT is a program administered by the Department of Homeland Securityrsquos (DHSrsquos) National Protection amp Programs Directorate (NPPD) US-VISITrsquos goals are to enhance the security of US citizens and visitors facilitate legitimate travel and trade ensure the integrity of the US immigration system and protect the privacy of visitors To achieve these goals the program processes and maintains biographic and biometric information collected by other Federal entities such as the State Department and US Customs and Border Protection (CBP)1 US-VISIT also shares information on the entry and departure of foreign visitors who pass through US ports of entry US-VISIT processes biometric information such as fingerprints and photographs that along with other biographic and biometric information that it shares with other Federal entities can be used to verify foreign nationalsrsquo identities authenticate travel documents and determine the admissibility of visitors immigrants and refugees The biometric identification services that US-VISIT provides are designed to help decision makers throughout the immigration border management law enforcement and intelligence communities to accurately identify the people they encounter and determine whether those people pose a risk to the United States
As the repository of biometric and biographic data US-VISIT interfaces with numerous other Federal systems including the following
Advance Passenger Information System Arrival Departure Information System Automated Biometric Identification System Computer Linked Application Information Management Systems Consular Consolidated Database Image Storage and Retrieval System Integrated Automated Fingerprint Identification System Student and Exchange Visitor Information System DHSCBP-011 TECS
These systems provide biometric and biographic information to US-VISIT for foreign visitors visa applicants and certain criminals US-VISIT personnel can then analyze this information and share it with other Federal State and local entities
1 Biographic information may include a personrsquos name and date of birth Biometric information may include a personrsquos fingerprint image or photograph collected at a port of entry
According to the US-VISIT program office for each encounter (ie each time an international traveler passes through a US port of entry) US-VISIT checks the personrsquos biometrics against a biometric watch list of more than 64 million known or suspected terrorists criminals and immigration violators identified by US authorities and Interpol When a foreign visitor presents an identification document US-VISIT can check the personrsquos biometrics against other files that could be accessed to ensure that the document belongs to the person presenting it and not to someone else Finally other Federal law enforcement and Intelligence Community organizations can request that US-VISIT provide biographic and biometric information in the course of their investigations andor research
Results of Review
US-VISIT faces challenges in systematically identifying and flagging potential use of fraudulent biographic identities Our analysis of Automated Biometric Identification System (IDENT) data found 825000 instances where the same fingerprints were associated with different biographic data2 These differences ranged from misspelled names and transposed birth dates to completely different names and birth dates According to US-VISIT officials US-VISIT has instituted programs to identify individuals who may have overstayed the condition of their visas and has performed manual procedures to analyze entry and exit data to associate fingerprints with biographic information However US-VISIT has not developed
This information may assist CBP officers in identifying aliens using potentially fraudulent information at ports of entry
Although most of the hundreds of thousands of discrepant records involve data integrity errors likely occurring at the point of collection we found instances where individuals may have supplied different names and dates of birth at ports of entry In some cases we found that individuals used different biographic identities at a port of entry after they had applied for a visa under a different name or been identified as a recidivist alien
2 The 825000 records represent 02 percent of overall IDENT encounter data we received from US-VISIT Although this is a very small percentage of the total records the volume of records makes it significant 3 Other controls during the entry process may help to mitigate some risk of biographic identity fraud For example during the biovisa application process for people from countries who are required to have visas to enter the United States State Department personnel are supposed to check a personrsquos fingerprints against all previous biographic records for that set of fingerprints to ensure that the person has not previously used a different set of biographic information to enter the United States
The ldquoData Quality Actrdquo4 or ldquoInformation Quality Actrdquo requires Federal agencies to use and disseminate accurate information Inaccurate and inconsistent information related to hundreds of thousands of individuals reduces the accuracy of US-VISIT data monitoring and impedes US-VISITrsquos ability to verify that individuals attempting to enter the United States are providing their true names and dates of birth
US-VISIT Needs to Improve Procedures That Specifically Target Individuals Using Multiple Biographic Identities To Enter the United States
US-VISIT has to determine if individuals are using multiple
biographic identities when attempting to enter the United States We found evidence that IDENT data contain entry records for hundreds of thousands of individuals whose biographic data were different than their biometrics (ie individuals with the same fingerprints had different names andor dates of birth recorded for different encounters) Given that there are hundreds of millions of biometric records in IDENT if US-VISIT
US-VISIT offers decision makers limited assistance
US-VISIT officials said that US-VISIT regularly compares visa information against entry and departure data to identify individuals who have overstayed their immigrant or visitor visas It regularly provides overstay information to Immigrations and Customs Enforcement (ICE) to help identify and apprehend overstays US-VISIT also has established overstay outlooks so CBP officers and Department of State personnel can be warned of potential overstays seeking reentry to the United States This process replaced a system where individuals overstaying the terms of their admission to the United States were identified only on an ad hoc basis as part of contact they had with law enforcement In fiscal year 2011 US-VISIT provided ICE with more than 900 visas overstay leads per week
US-VISIT also has an identity resolution process to manually review instances where differences in biographic datamdashfor the same sets of biometricsmdashcan be attributable to input and other data errors To achieve this objective US-VISIT analysts may determine whether records with slightly different biographic information belong to a single individual or may have been incorrectly inputted at the point of collection Analysts then update the system to reflect that decision For example US-VISIT analysts may view several biographic records associated with the same fingerprint information and
4 Treasury and General Government Appropriations Act for Fiscal Year 2001 (Public Law 106-554) P L 106-554 sect 515 114 Stat 2763A- 153 to 2763A-154 (2000) (44 USC sect 3516 note) The law is referred to as the Data Quality Act or alternatively the Information Quality Act
determine that one of the biographic records contains a typographical error These analysts will then resolve the records in the system as a single individual or multiple individuals Through this process US-VISIT works to refine the reliability of the data it uses and provides to other Federal agencies
However US-VISITrsquos current identity resolution effort is not designed to specifically target individuals who are using multiple identities to enter the United States US-VISIT program officials informed us that most of the additional research they perform is based on identity resolution of people who appear to be the same but have different information recorded in US-VISIT data5 According to US-VISIT officials US-VISIT manually reviews IDENT encounters with multiple biographic records to identify potential identity fraud However US-VISIT did not provide evidence to document that it has determined whether all unresolved discrepanciesmdasharising when distinctly different biographical information share the same set of fingerprintsmdashindicate that fraud may have occurred
Data Inconsistencies Hinder Effective Use of Biometrics to Identify and Prevent Use of Fraudulent Identities at US Ports of Entry
The number of records with inconsistent biographic data limits the effectiveness and efficiency of using biometrics to identify and prevent the use of fraudulent identities at US ports of entry The Data Quality Act requires that information disseminated by agencies have maximum quality and integrity However we found numerous data integrity errors in IDENT These errors require US-VISIT to conduct an extensive manual reconciliation process of biographic information belonging to the same individuals This process limits US-VISITrsquos ability to quickly identify instances where multiple biographic data are attributable to fraud rather than data entry errors Our work identified examples where individuals may have attempted to enter the country using different names and birth dates sometimes after having been flagged within IDENT as having derogatory information These examples emphasize the need to provide CBP officers at ports of entry and State Department personnel with information to properly vet individuals before allowing them to enter the United States
5 Since 2005 US-VISIT has identified two instances of biographic fraud and referred them to ICE for further evaluation
US-VISIT Data Contain Hundreds of Thousands of Records With Inconsistent Biographic Information
We found about 825000 records in IDENT belonging to 375000 individuals where key biographic data such as the name andor date of birth did not match other records with the same fingerprint identification number (FIN) 6 These 375000 individuals had more than 47 million nonenforcement7 records in IDENT data including encounters at ports of entry applications for visas and visa extensions More than 4 million (85 percent) were encounters at ports of entry Enforcement data present another significant challenge since they rely heavily on biographic data
Data Entry Errors and Test Data Pose a Challenge to Effective Analysis of US-VISIT Biometric Data
Most of the erroneous records where multiple biographic identities were associated with the same biometrics appear to be data integrity errors Specifically we found that the biographical data that US-VISIT provided from its production environment contained test data submitted by other Federal and law enforcement agencies that are linked to specific FINs We also found inconsistencies in recording last and first names in the birth date format used and in gender-based records as well as other conditions Without ensuring data consistency and identifying instances where different names arise from the use of different biographic identities US-VISIT may be unable to provide timely information that can prevent the use of fraudulent identities to enter the United States
The Data Quality Act requires Federal agencies to ensure and maximize the quality utility and integrity of the data they disseminate9 Further the Standards for Internal Control in the Federal Government10 which establishes minimal level of quality acceptable for internal control in government requires that transactions and events be
6 Biographic discrepancies can occur at the point of collection from inaccurate input by hand unsuccessful scan or swipe of a document or the accidental swap of a document with a traveling companion They can also occur from systems parsing biographic information differently from the same document 7 Nonenforcement records include encounters such as an individualrsquos visits to the United States or applications for a visa to enter the United States but do not include encounters such as contacts with US law enforcement related to immigration violations or criminal activity 8
9The Data Quality Act is operationalized in the Federal Information System Controls Audit Manual which states that the key data elements of an agencyrsquos transactions must be accurate and represent real transactions as opposed to test transactions 10GAOAIMD-00-2131 Standards for Internal Control in the Federal Government November 1999
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
Background
US-VISIT is a program administered by the Department of Homeland Securityrsquos (DHSrsquos) National Protection amp Programs Directorate (NPPD) US-VISITrsquos goals are to enhance the security of US citizens and visitors facilitate legitimate travel and trade ensure the integrity of the US immigration system and protect the privacy of visitors To achieve these goals the program processes and maintains biographic and biometric information collected by other Federal entities such as the State Department and US Customs and Border Protection (CBP)1 US-VISIT also shares information on the entry and departure of foreign visitors who pass through US ports of entry US-VISIT processes biometric information such as fingerprints and photographs that along with other biographic and biometric information that it shares with other Federal entities can be used to verify foreign nationalsrsquo identities authenticate travel documents and determine the admissibility of visitors immigrants and refugees The biometric identification services that US-VISIT provides are designed to help decision makers throughout the immigration border management law enforcement and intelligence communities to accurately identify the people they encounter and determine whether those people pose a risk to the United States
As the repository of biometric and biographic data US-VISIT interfaces with numerous other Federal systems including the following
Advance Passenger Information System Arrival Departure Information System Automated Biometric Identification System Computer Linked Application Information Management Systems Consular Consolidated Database Image Storage and Retrieval System Integrated Automated Fingerprint Identification System Student and Exchange Visitor Information System DHSCBP-011 TECS
These systems provide biometric and biographic information to US-VISIT for foreign visitors visa applicants and certain criminals US-VISIT personnel can then analyze this information and share it with other Federal State and local entities
1 Biographic information may include a personrsquos name and date of birth Biometric information may include a personrsquos fingerprint image or photograph collected at a port of entry
According to the US-VISIT program office for each encounter (ie each time an international traveler passes through a US port of entry) US-VISIT checks the personrsquos biometrics against a biometric watch list of more than 64 million known or suspected terrorists criminals and immigration violators identified by US authorities and Interpol When a foreign visitor presents an identification document US-VISIT can check the personrsquos biometrics against other files that could be accessed to ensure that the document belongs to the person presenting it and not to someone else Finally other Federal law enforcement and Intelligence Community organizations can request that US-VISIT provide biographic and biometric information in the course of their investigations andor research
Results of Review
US-VISIT faces challenges in systematically identifying and flagging potential use of fraudulent biographic identities Our analysis of Automated Biometric Identification System (IDENT) data found 825000 instances where the same fingerprints were associated with different biographic data2 These differences ranged from misspelled names and transposed birth dates to completely different names and birth dates According to US-VISIT officials US-VISIT has instituted programs to identify individuals who may have overstayed the condition of their visas and has performed manual procedures to analyze entry and exit data to associate fingerprints with biographic information However US-VISIT has not developed
This information may assist CBP officers in identifying aliens using potentially fraudulent information at ports of entry
Although most of the hundreds of thousands of discrepant records involve data integrity errors likely occurring at the point of collection we found instances where individuals may have supplied different names and dates of birth at ports of entry In some cases we found that individuals used different biographic identities at a port of entry after they had applied for a visa under a different name or been identified as a recidivist alien
2 The 825000 records represent 02 percent of overall IDENT encounter data we received from US-VISIT Although this is a very small percentage of the total records the volume of records makes it significant 3 Other controls during the entry process may help to mitigate some risk of biographic identity fraud For example during the biovisa application process for people from countries who are required to have visas to enter the United States State Department personnel are supposed to check a personrsquos fingerprints against all previous biographic records for that set of fingerprints to ensure that the person has not previously used a different set of biographic information to enter the United States
The ldquoData Quality Actrdquo4 or ldquoInformation Quality Actrdquo requires Federal agencies to use and disseminate accurate information Inaccurate and inconsistent information related to hundreds of thousands of individuals reduces the accuracy of US-VISIT data monitoring and impedes US-VISITrsquos ability to verify that individuals attempting to enter the United States are providing their true names and dates of birth
US-VISIT Needs to Improve Procedures That Specifically Target Individuals Using Multiple Biographic Identities To Enter the United States
US-VISIT has to determine if individuals are using multiple
biographic identities when attempting to enter the United States We found evidence that IDENT data contain entry records for hundreds of thousands of individuals whose biographic data were different than their biometrics (ie individuals with the same fingerprints had different names andor dates of birth recorded for different encounters) Given that there are hundreds of millions of biometric records in IDENT if US-VISIT
US-VISIT offers decision makers limited assistance
US-VISIT officials said that US-VISIT regularly compares visa information against entry and departure data to identify individuals who have overstayed their immigrant or visitor visas It regularly provides overstay information to Immigrations and Customs Enforcement (ICE) to help identify and apprehend overstays US-VISIT also has established overstay outlooks so CBP officers and Department of State personnel can be warned of potential overstays seeking reentry to the United States This process replaced a system where individuals overstaying the terms of their admission to the United States were identified only on an ad hoc basis as part of contact they had with law enforcement In fiscal year 2011 US-VISIT provided ICE with more than 900 visas overstay leads per week
US-VISIT also has an identity resolution process to manually review instances where differences in biographic datamdashfor the same sets of biometricsmdashcan be attributable to input and other data errors To achieve this objective US-VISIT analysts may determine whether records with slightly different biographic information belong to a single individual or may have been incorrectly inputted at the point of collection Analysts then update the system to reflect that decision For example US-VISIT analysts may view several biographic records associated with the same fingerprint information and
4 Treasury and General Government Appropriations Act for Fiscal Year 2001 (Public Law 106-554) P L 106-554 sect 515 114 Stat 2763A- 153 to 2763A-154 (2000) (44 USC sect 3516 note) The law is referred to as the Data Quality Act or alternatively the Information Quality Act
determine that one of the biographic records contains a typographical error These analysts will then resolve the records in the system as a single individual or multiple individuals Through this process US-VISIT works to refine the reliability of the data it uses and provides to other Federal agencies
However US-VISITrsquos current identity resolution effort is not designed to specifically target individuals who are using multiple identities to enter the United States US-VISIT program officials informed us that most of the additional research they perform is based on identity resolution of people who appear to be the same but have different information recorded in US-VISIT data5 According to US-VISIT officials US-VISIT manually reviews IDENT encounters with multiple biographic records to identify potential identity fraud However US-VISIT did not provide evidence to document that it has determined whether all unresolved discrepanciesmdasharising when distinctly different biographical information share the same set of fingerprintsmdashindicate that fraud may have occurred
Data Inconsistencies Hinder Effective Use of Biometrics to Identify and Prevent Use of Fraudulent Identities at US Ports of Entry
The number of records with inconsistent biographic data limits the effectiveness and efficiency of using biometrics to identify and prevent the use of fraudulent identities at US ports of entry The Data Quality Act requires that information disseminated by agencies have maximum quality and integrity However we found numerous data integrity errors in IDENT These errors require US-VISIT to conduct an extensive manual reconciliation process of biographic information belonging to the same individuals This process limits US-VISITrsquos ability to quickly identify instances where multiple biographic data are attributable to fraud rather than data entry errors Our work identified examples where individuals may have attempted to enter the country using different names and birth dates sometimes after having been flagged within IDENT as having derogatory information These examples emphasize the need to provide CBP officers at ports of entry and State Department personnel with information to properly vet individuals before allowing them to enter the United States
5 Since 2005 US-VISIT has identified two instances of biographic fraud and referred them to ICE for further evaluation
US-VISIT Data Contain Hundreds of Thousands of Records With Inconsistent Biographic Information
We found about 825000 records in IDENT belonging to 375000 individuals where key biographic data such as the name andor date of birth did not match other records with the same fingerprint identification number (FIN) 6 These 375000 individuals had more than 47 million nonenforcement7 records in IDENT data including encounters at ports of entry applications for visas and visa extensions More than 4 million (85 percent) were encounters at ports of entry Enforcement data present another significant challenge since they rely heavily on biographic data
Data Entry Errors and Test Data Pose a Challenge to Effective Analysis of US-VISIT Biometric Data
Most of the erroneous records where multiple biographic identities were associated with the same biometrics appear to be data integrity errors Specifically we found that the biographical data that US-VISIT provided from its production environment contained test data submitted by other Federal and law enforcement agencies that are linked to specific FINs We also found inconsistencies in recording last and first names in the birth date format used and in gender-based records as well as other conditions Without ensuring data consistency and identifying instances where different names arise from the use of different biographic identities US-VISIT may be unable to provide timely information that can prevent the use of fraudulent identities to enter the United States
The Data Quality Act requires Federal agencies to ensure and maximize the quality utility and integrity of the data they disseminate9 Further the Standards for Internal Control in the Federal Government10 which establishes minimal level of quality acceptable for internal control in government requires that transactions and events be
6 Biographic discrepancies can occur at the point of collection from inaccurate input by hand unsuccessful scan or swipe of a document or the accidental swap of a document with a traveling companion They can also occur from systems parsing biographic information differently from the same document 7 Nonenforcement records include encounters such as an individualrsquos visits to the United States or applications for a visa to enter the United States but do not include encounters such as contacts with US law enforcement related to immigration violations or criminal activity 8
9The Data Quality Act is operationalized in the Federal Information System Controls Audit Manual which states that the key data elements of an agencyrsquos transactions must be accurate and represent real transactions as opposed to test transactions 10GAOAIMD-00-2131 Standards for Internal Control in the Federal Government November 1999
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
According to the US-VISIT program office for each encounter (ie each time an international traveler passes through a US port of entry) US-VISIT checks the personrsquos biometrics against a biometric watch list of more than 64 million known or suspected terrorists criminals and immigration violators identified by US authorities and Interpol When a foreign visitor presents an identification document US-VISIT can check the personrsquos biometrics against other files that could be accessed to ensure that the document belongs to the person presenting it and not to someone else Finally other Federal law enforcement and Intelligence Community organizations can request that US-VISIT provide biographic and biometric information in the course of their investigations andor research
Results of Review
US-VISIT faces challenges in systematically identifying and flagging potential use of fraudulent biographic identities Our analysis of Automated Biometric Identification System (IDENT) data found 825000 instances where the same fingerprints were associated with different biographic data2 These differences ranged from misspelled names and transposed birth dates to completely different names and birth dates According to US-VISIT officials US-VISIT has instituted programs to identify individuals who may have overstayed the condition of their visas and has performed manual procedures to analyze entry and exit data to associate fingerprints with biographic information However US-VISIT has not developed
This information may assist CBP officers in identifying aliens using potentially fraudulent information at ports of entry
Although most of the hundreds of thousands of discrepant records involve data integrity errors likely occurring at the point of collection we found instances where individuals may have supplied different names and dates of birth at ports of entry In some cases we found that individuals used different biographic identities at a port of entry after they had applied for a visa under a different name or been identified as a recidivist alien
2 The 825000 records represent 02 percent of overall IDENT encounter data we received from US-VISIT Although this is a very small percentage of the total records the volume of records makes it significant 3 Other controls during the entry process may help to mitigate some risk of biographic identity fraud For example during the biovisa application process for people from countries who are required to have visas to enter the United States State Department personnel are supposed to check a personrsquos fingerprints against all previous biographic records for that set of fingerprints to ensure that the person has not previously used a different set of biographic information to enter the United States
The ldquoData Quality Actrdquo4 or ldquoInformation Quality Actrdquo requires Federal agencies to use and disseminate accurate information Inaccurate and inconsistent information related to hundreds of thousands of individuals reduces the accuracy of US-VISIT data monitoring and impedes US-VISITrsquos ability to verify that individuals attempting to enter the United States are providing their true names and dates of birth
US-VISIT Needs to Improve Procedures That Specifically Target Individuals Using Multiple Biographic Identities To Enter the United States
US-VISIT has to determine if individuals are using multiple
biographic identities when attempting to enter the United States We found evidence that IDENT data contain entry records for hundreds of thousands of individuals whose biographic data were different than their biometrics (ie individuals with the same fingerprints had different names andor dates of birth recorded for different encounters) Given that there are hundreds of millions of biometric records in IDENT if US-VISIT
US-VISIT offers decision makers limited assistance
US-VISIT officials said that US-VISIT regularly compares visa information against entry and departure data to identify individuals who have overstayed their immigrant or visitor visas It regularly provides overstay information to Immigrations and Customs Enforcement (ICE) to help identify and apprehend overstays US-VISIT also has established overstay outlooks so CBP officers and Department of State personnel can be warned of potential overstays seeking reentry to the United States This process replaced a system where individuals overstaying the terms of their admission to the United States were identified only on an ad hoc basis as part of contact they had with law enforcement In fiscal year 2011 US-VISIT provided ICE with more than 900 visas overstay leads per week
US-VISIT also has an identity resolution process to manually review instances where differences in biographic datamdashfor the same sets of biometricsmdashcan be attributable to input and other data errors To achieve this objective US-VISIT analysts may determine whether records with slightly different biographic information belong to a single individual or may have been incorrectly inputted at the point of collection Analysts then update the system to reflect that decision For example US-VISIT analysts may view several biographic records associated with the same fingerprint information and
4 Treasury and General Government Appropriations Act for Fiscal Year 2001 (Public Law 106-554) P L 106-554 sect 515 114 Stat 2763A- 153 to 2763A-154 (2000) (44 USC sect 3516 note) The law is referred to as the Data Quality Act or alternatively the Information Quality Act
determine that one of the biographic records contains a typographical error These analysts will then resolve the records in the system as a single individual or multiple individuals Through this process US-VISIT works to refine the reliability of the data it uses and provides to other Federal agencies
However US-VISITrsquos current identity resolution effort is not designed to specifically target individuals who are using multiple identities to enter the United States US-VISIT program officials informed us that most of the additional research they perform is based on identity resolution of people who appear to be the same but have different information recorded in US-VISIT data5 According to US-VISIT officials US-VISIT manually reviews IDENT encounters with multiple biographic records to identify potential identity fraud However US-VISIT did not provide evidence to document that it has determined whether all unresolved discrepanciesmdasharising when distinctly different biographical information share the same set of fingerprintsmdashindicate that fraud may have occurred
Data Inconsistencies Hinder Effective Use of Biometrics to Identify and Prevent Use of Fraudulent Identities at US Ports of Entry
The number of records with inconsistent biographic data limits the effectiveness and efficiency of using biometrics to identify and prevent the use of fraudulent identities at US ports of entry The Data Quality Act requires that information disseminated by agencies have maximum quality and integrity However we found numerous data integrity errors in IDENT These errors require US-VISIT to conduct an extensive manual reconciliation process of biographic information belonging to the same individuals This process limits US-VISITrsquos ability to quickly identify instances where multiple biographic data are attributable to fraud rather than data entry errors Our work identified examples where individuals may have attempted to enter the country using different names and birth dates sometimes after having been flagged within IDENT as having derogatory information These examples emphasize the need to provide CBP officers at ports of entry and State Department personnel with information to properly vet individuals before allowing them to enter the United States
5 Since 2005 US-VISIT has identified two instances of biographic fraud and referred them to ICE for further evaluation
US-VISIT Data Contain Hundreds of Thousands of Records With Inconsistent Biographic Information
We found about 825000 records in IDENT belonging to 375000 individuals where key biographic data such as the name andor date of birth did not match other records with the same fingerprint identification number (FIN) 6 These 375000 individuals had more than 47 million nonenforcement7 records in IDENT data including encounters at ports of entry applications for visas and visa extensions More than 4 million (85 percent) were encounters at ports of entry Enforcement data present another significant challenge since they rely heavily on biographic data
Data Entry Errors and Test Data Pose a Challenge to Effective Analysis of US-VISIT Biometric Data
Most of the erroneous records where multiple biographic identities were associated with the same biometrics appear to be data integrity errors Specifically we found that the biographical data that US-VISIT provided from its production environment contained test data submitted by other Federal and law enforcement agencies that are linked to specific FINs We also found inconsistencies in recording last and first names in the birth date format used and in gender-based records as well as other conditions Without ensuring data consistency and identifying instances where different names arise from the use of different biographic identities US-VISIT may be unable to provide timely information that can prevent the use of fraudulent identities to enter the United States
The Data Quality Act requires Federal agencies to ensure and maximize the quality utility and integrity of the data they disseminate9 Further the Standards for Internal Control in the Federal Government10 which establishes minimal level of quality acceptable for internal control in government requires that transactions and events be
6 Biographic discrepancies can occur at the point of collection from inaccurate input by hand unsuccessful scan or swipe of a document or the accidental swap of a document with a traveling companion They can also occur from systems parsing biographic information differently from the same document 7 Nonenforcement records include encounters such as an individualrsquos visits to the United States or applications for a visa to enter the United States but do not include encounters such as contacts with US law enforcement related to immigration violations or criminal activity 8
9The Data Quality Act is operationalized in the Federal Information System Controls Audit Manual which states that the key data elements of an agencyrsquos transactions must be accurate and represent real transactions as opposed to test transactions 10GAOAIMD-00-2131 Standards for Internal Control in the Federal Government November 1999
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
The ldquoData Quality Actrdquo4 or ldquoInformation Quality Actrdquo requires Federal agencies to use and disseminate accurate information Inaccurate and inconsistent information related to hundreds of thousands of individuals reduces the accuracy of US-VISIT data monitoring and impedes US-VISITrsquos ability to verify that individuals attempting to enter the United States are providing their true names and dates of birth
US-VISIT Needs to Improve Procedures That Specifically Target Individuals Using Multiple Biographic Identities To Enter the United States
US-VISIT has to determine if individuals are using multiple
biographic identities when attempting to enter the United States We found evidence that IDENT data contain entry records for hundreds of thousands of individuals whose biographic data were different than their biometrics (ie individuals with the same fingerprints had different names andor dates of birth recorded for different encounters) Given that there are hundreds of millions of biometric records in IDENT if US-VISIT
US-VISIT offers decision makers limited assistance
US-VISIT officials said that US-VISIT regularly compares visa information against entry and departure data to identify individuals who have overstayed their immigrant or visitor visas It regularly provides overstay information to Immigrations and Customs Enforcement (ICE) to help identify and apprehend overstays US-VISIT also has established overstay outlooks so CBP officers and Department of State personnel can be warned of potential overstays seeking reentry to the United States This process replaced a system where individuals overstaying the terms of their admission to the United States were identified only on an ad hoc basis as part of contact they had with law enforcement In fiscal year 2011 US-VISIT provided ICE with more than 900 visas overstay leads per week
US-VISIT also has an identity resolution process to manually review instances where differences in biographic datamdashfor the same sets of biometricsmdashcan be attributable to input and other data errors To achieve this objective US-VISIT analysts may determine whether records with slightly different biographic information belong to a single individual or may have been incorrectly inputted at the point of collection Analysts then update the system to reflect that decision For example US-VISIT analysts may view several biographic records associated with the same fingerprint information and
4 Treasury and General Government Appropriations Act for Fiscal Year 2001 (Public Law 106-554) P L 106-554 sect 515 114 Stat 2763A- 153 to 2763A-154 (2000) (44 USC sect 3516 note) The law is referred to as the Data Quality Act or alternatively the Information Quality Act
determine that one of the biographic records contains a typographical error These analysts will then resolve the records in the system as a single individual or multiple individuals Through this process US-VISIT works to refine the reliability of the data it uses and provides to other Federal agencies
However US-VISITrsquos current identity resolution effort is not designed to specifically target individuals who are using multiple identities to enter the United States US-VISIT program officials informed us that most of the additional research they perform is based on identity resolution of people who appear to be the same but have different information recorded in US-VISIT data5 According to US-VISIT officials US-VISIT manually reviews IDENT encounters with multiple biographic records to identify potential identity fraud However US-VISIT did not provide evidence to document that it has determined whether all unresolved discrepanciesmdasharising when distinctly different biographical information share the same set of fingerprintsmdashindicate that fraud may have occurred
Data Inconsistencies Hinder Effective Use of Biometrics to Identify and Prevent Use of Fraudulent Identities at US Ports of Entry
The number of records with inconsistent biographic data limits the effectiveness and efficiency of using biometrics to identify and prevent the use of fraudulent identities at US ports of entry The Data Quality Act requires that information disseminated by agencies have maximum quality and integrity However we found numerous data integrity errors in IDENT These errors require US-VISIT to conduct an extensive manual reconciliation process of biographic information belonging to the same individuals This process limits US-VISITrsquos ability to quickly identify instances where multiple biographic data are attributable to fraud rather than data entry errors Our work identified examples where individuals may have attempted to enter the country using different names and birth dates sometimes after having been flagged within IDENT as having derogatory information These examples emphasize the need to provide CBP officers at ports of entry and State Department personnel with information to properly vet individuals before allowing them to enter the United States
5 Since 2005 US-VISIT has identified two instances of biographic fraud and referred them to ICE for further evaluation
US-VISIT Data Contain Hundreds of Thousands of Records With Inconsistent Biographic Information
We found about 825000 records in IDENT belonging to 375000 individuals where key biographic data such as the name andor date of birth did not match other records with the same fingerprint identification number (FIN) 6 These 375000 individuals had more than 47 million nonenforcement7 records in IDENT data including encounters at ports of entry applications for visas and visa extensions More than 4 million (85 percent) were encounters at ports of entry Enforcement data present another significant challenge since they rely heavily on biographic data
Data Entry Errors and Test Data Pose a Challenge to Effective Analysis of US-VISIT Biometric Data
Most of the erroneous records where multiple biographic identities were associated with the same biometrics appear to be data integrity errors Specifically we found that the biographical data that US-VISIT provided from its production environment contained test data submitted by other Federal and law enforcement agencies that are linked to specific FINs We also found inconsistencies in recording last and first names in the birth date format used and in gender-based records as well as other conditions Without ensuring data consistency and identifying instances where different names arise from the use of different biographic identities US-VISIT may be unable to provide timely information that can prevent the use of fraudulent identities to enter the United States
The Data Quality Act requires Federal agencies to ensure and maximize the quality utility and integrity of the data they disseminate9 Further the Standards for Internal Control in the Federal Government10 which establishes minimal level of quality acceptable for internal control in government requires that transactions and events be
6 Biographic discrepancies can occur at the point of collection from inaccurate input by hand unsuccessful scan or swipe of a document or the accidental swap of a document with a traveling companion They can also occur from systems parsing biographic information differently from the same document 7 Nonenforcement records include encounters such as an individualrsquos visits to the United States or applications for a visa to enter the United States but do not include encounters such as contacts with US law enforcement related to immigration violations or criminal activity 8
9The Data Quality Act is operationalized in the Federal Information System Controls Audit Manual which states that the key data elements of an agencyrsquos transactions must be accurate and represent real transactions as opposed to test transactions 10GAOAIMD-00-2131 Standards for Internal Control in the Federal Government November 1999
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
determine that one of the biographic records contains a typographical error These analysts will then resolve the records in the system as a single individual or multiple individuals Through this process US-VISIT works to refine the reliability of the data it uses and provides to other Federal agencies
However US-VISITrsquos current identity resolution effort is not designed to specifically target individuals who are using multiple identities to enter the United States US-VISIT program officials informed us that most of the additional research they perform is based on identity resolution of people who appear to be the same but have different information recorded in US-VISIT data5 According to US-VISIT officials US-VISIT manually reviews IDENT encounters with multiple biographic records to identify potential identity fraud However US-VISIT did not provide evidence to document that it has determined whether all unresolved discrepanciesmdasharising when distinctly different biographical information share the same set of fingerprintsmdashindicate that fraud may have occurred
Data Inconsistencies Hinder Effective Use of Biometrics to Identify and Prevent Use of Fraudulent Identities at US Ports of Entry
The number of records with inconsistent biographic data limits the effectiveness and efficiency of using biometrics to identify and prevent the use of fraudulent identities at US ports of entry The Data Quality Act requires that information disseminated by agencies have maximum quality and integrity However we found numerous data integrity errors in IDENT These errors require US-VISIT to conduct an extensive manual reconciliation process of biographic information belonging to the same individuals This process limits US-VISITrsquos ability to quickly identify instances where multiple biographic data are attributable to fraud rather than data entry errors Our work identified examples where individuals may have attempted to enter the country using different names and birth dates sometimes after having been flagged within IDENT as having derogatory information These examples emphasize the need to provide CBP officers at ports of entry and State Department personnel with information to properly vet individuals before allowing them to enter the United States
5 Since 2005 US-VISIT has identified two instances of biographic fraud and referred them to ICE for further evaluation
US-VISIT Data Contain Hundreds of Thousands of Records With Inconsistent Biographic Information
We found about 825000 records in IDENT belonging to 375000 individuals where key biographic data such as the name andor date of birth did not match other records with the same fingerprint identification number (FIN) 6 These 375000 individuals had more than 47 million nonenforcement7 records in IDENT data including encounters at ports of entry applications for visas and visa extensions More than 4 million (85 percent) were encounters at ports of entry Enforcement data present another significant challenge since they rely heavily on biographic data
Data Entry Errors and Test Data Pose a Challenge to Effective Analysis of US-VISIT Biometric Data
Most of the erroneous records where multiple biographic identities were associated with the same biometrics appear to be data integrity errors Specifically we found that the biographical data that US-VISIT provided from its production environment contained test data submitted by other Federal and law enforcement agencies that are linked to specific FINs We also found inconsistencies in recording last and first names in the birth date format used and in gender-based records as well as other conditions Without ensuring data consistency and identifying instances where different names arise from the use of different biographic identities US-VISIT may be unable to provide timely information that can prevent the use of fraudulent identities to enter the United States
The Data Quality Act requires Federal agencies to ensure and maximize the quality utility and integrity of the data they disseminate9 Further the Standards for Internal Control in the Federal Government10 which establishes minimal level of quality acceptable for internal control in government requires that transactions and events be
6 Biographic discrepancies can occur at the point of collection from inaccurate input by hand unsuccessful scan or swipe of a document or the accidental swap of a document with a traveling companion They can also occur from systems parsing biographic information differently from the same document 7 Nonenforcement records include encounters such as an individualrsquos visits to the United States or applications for a visa to enter the United States but do not include encounters such as contacts with US law enforcement related to immigration violations or criminal activity 8
9The Data Quality Act is operationalized in the Federal Information System Controls Audit Manual which states that the key data elements of an agencyrsquos transactions must be accurate and represent real transactions as opposed to test transactions 10GAOAIMD-00-2131 Standards for Internal Control in the Federal Government November 1999
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
US-VISIT Data Contain Hundreds of Thousands of Records With Inconsistent Biographic Information
We found about 825000 records in IDENT belonging to 375000 individuals where key biographic data such as the name andor date of birth did not match other records with the same fingerprint identification number (FIN) 6 These 375000 individuals had more than 47 million nonenforcement7 records in IDENT data including encounters at ports of entry applications for visas and visa extensions More than 4 million (85 percent) were encounters at ports of entry Enforcement data present another significant challenge since they rely heavily on biographic data
Data Entry Errors and Test Data Pose a Challenge to Effective Analysis of US-VISIT Biometric Data
Most of the erroneous records where multiple biographic identities were associated with the same biometrics appear to be data integrity errors Specifically we found that the biographical data that US-VISIT provided from its production environment contained test data submitted by other Federal and law enforcement agencies that are linked to specific FINs We also found inconsistencies in recording last and first names in the birth date format used and in gender-based records as well as other conditions Without ensuring data consistency and identifying instances where different names arise from the use of different biographic identities US-VISIT may be unable to provide timely information that can prevent the use of fraudulent identities to enter the United States
The Data Quality Act requires Federal agencies to ensure and maximize the quality utility and integrity of the data they disseminate9 Further the Standards for Internal Control in the Federal Government10 which establishes minimal level of quality acceptable for internal control in government requires that transactions and events be
6 Biographic discrepancies can occur at the point of collection from inaccurate input by hand unsuccessful scan or swipe of a document or the accidental swap of a document with a traveling companion They can also occur from systems parsing biographic information differently from the same document 7 Nonenforcement records include encounters such as an individualrsquos visits to the United States or applications for a visa to enter the United States but do not include encounters such as contacts with US law enforcement related to immigration violations or criminal activity 8
9The Data Quality Act is operationalized in the Federal Information System Controls Audit Manual which states that the key data elements of an agencyrsquos transactions must be accurate and represent real transactions as opposed to test transactions 10GAOAIMD-00-2131 Standards for Internal Control in the Federal Government November 1999
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
recorded accurately Inconsistencies in key biographic information between records belonging to a single individual reduce the ability of US-VISIT to meet the Federal information system and internal control standards In addition these inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud We found that data integrity issues most likely account for most of the 450000 biographic records that did not match other biographic records for the same fingerprint Specifically
US-VISIT collects data from numerous other Federal agencies each with its own data format and collection mechanism For example one agency may enter an individualrsquos name and date of birth manually while another may collect the information automatically from a passport These differences result in data entry errors such as misspellings and transpositions For example over a period of 5 years one individualrsquos name was spelled 17 different ways
Test data existed in the information that US-VISIT provided to us as encounter data For example in a number of instances we found records with the same FIN but with made-up names such as ldquoMickey Mouserdquo and ldquoJarvis Samplerdquo
Inconsistent recording of biographic information exists at ports of entry In one example an individualrsquos first middle and last names were recorded in IDENT in different combinations In another example an individual had 14 different combinations of months days and years for the birth date recorded under the same name in encounters from 2004 to 2011
We found instances where the same fingerprints may have been used when processing travelers at a port of entry In one instance we found that the same set of fingerprints was used for seven different individuals who entered the country over the course of a few hours11 Without isolating these errors US-VISIT will face additional difficulty in distinguishing biographic fraud from data collection errors
We also found that gender-based and other conditions may reduce the consistency of biographic and biometric information within IDENT For example
We found that nearly 400000 records for women have different last names for the same first name date of birth and FIN According to US-VISIT officials these instances are likely women who changed their names after a marriage
11 When provided documentation for this example US-VISIT asserted that the same fingerprints were recorded as the result of a fingerprint scanner ghost image
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
Names of international travelers were not always captured at ports of entry For example we found that 244000 individuals (as identified by their unique FIN) with nearly 1 million encounters at ports of entry did not have specific biographic identities Instead they were identified in IDENT simply as ldquofrequent travelerrdquo
Dates of birth were not always captured or fell outside of a reasonable range Specifically we found more than 25000 records where the dates of birth were not recorded or were outside of normal ranges For example we found that some international travelers entering the United States were recorded as having dates of birth in the year 2049 Without accurate biographic information US-VISIT faces challenges in fulfilling its mission of using biometrics to prevent identity fraud and deprive criminals and immigration violators of the ability to cross our borders
Examples of Individuals Attempting To Enter the Country Under Multiple Biographic Identities
Although most of the biographic data discrepancies in IDENT data can be attributed to data entry errors we identified instances where individuals appeared to have used different names and dates of birth to attempt to enter the United States These individuals attempted to enter the country multiple times over several years under different biographic data In one example the same set of fingerprints was associated with nine different names and nine different birth dates in 10 different attempts to enter the United States In another example the same individual (as identified by the same set of fingerprints) had eight different names and eight different birth dates listed in IDENT data for nine attempts to enter the United States
In addition to individuals who the data pointed to a limited
number of instances where an individual with a derogatory record supplied different biographic information to CBP officers to attempt to enter the United States 12 For example
12 Subsequent to our analysis we provided US-VISIT with a file containing information on individuals who were recorded at ports of entry with different biographic information with the same FINs US-VISIT then made available to us information about derogatory information on these individuals
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
A male who used two different names and dates of birth to attempt to enter the United States in 2008 and 2011 was identified as a repeated criminal (recidivist) alien13
A male used two different identities to apply for visas from the Department of State After being denied entry in 2009 he used yet a third name and date of birth to attempt to enter the country later in the same year and was refused entry
A female who was identified as a recidivist alien in 2008 used different biographic data to visit the United States once in 2009 and twice in 2011
A female who was identified as a recidivist alien in 2006 attempted to enter the country on three visits in 2009 2010 and 2011 under variations of the same name
Conclusion
Significant inconsistencies exist in the biographic information that US-VISIT maintains on foreign visitors and aliens entering and exiting the United States Although most of the inconsistencies can be attributable to data input issues US-VISIT is unable to quantify the extent to which the same individuals provided different biographical data to circumvent controls and enter the United States improperly Without this information US-VISIT may be hindered in its ability to share information that could help border enforcement agencies prevent improper entries into the United States We will provide the results of our analysis of multiple biographic identities to US-VISIT for further research and potential action
Recommendation(s)
We recommend that the Director US-VISIT
Recommendation 1
Review data inconsistencies that we have provided to the US-VISIT office to determine if additional examples of biographic fraud exist beyond the two cases that it previously referred to ICE
13 US-VISIT has stated that bulleted examples 1 and 3 are results of incorrectly entered derogatory information in the system that will require data cleanup
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
Recommendation 2
Provide information on individuals determined to be using multiple biographic identities to appropriate law enforcement entities for identity fraud resolution and possible inclusion on the biometric watch list so they are identifiable when entering the United States
Management Comments and OIG Analysis
We obtained written comments on a draft report from the Under Secretary NPPD We have included a copy of the comments in their entirety in appendix B
In the comments the DHS Under Secretary for NPPD concurred with both report recommendations and provided comments on specific areas within the report We have reviewed managementrsquos comments and provide an evaluation below
In response to our first recommendation the DHS Under Secretary for NPPD requests that we remove the word ldquoadditionalrdquo from our recommendation when referring to examples of biographic fraud We have changed the report language to refer more clearly to the two cases of biographic fraud that NPPD previously referred to ICE
In response to our second recommendation the DHS Under Secretary for NPPD states that US-VISIT has initiated a proactive review of processes to identify potential fraud used by individuals attempting to enter the United States or obtain immigration benefits This is performed through a review of multiple alien registration numbers NPPD reported that to date US-VISIT has researched more than 1200 records and added 192 individuals to the Watch List
We believe that the actions that have been initiated partially satisfy the intent of this recommendation However US-VISIT also needs to expand its analysis to include the review of potential identity fraud associated with international travelers including travelers from visa waiver countries who did not have alien registration numbers or did not have to apply for visas from the Department of State Without a comprehensive plan to include these travelers US-VISIT will not be able to identify all individuals who may be using multiple biographic identities
In response to our report NPPD also stated that US-VISIT provides a layer of defense but is not the only line of defense against identity fraud and that CBP also plays a critical role in identifying individuals who use multiple biographic identities to enter the United States
We acknowledge that the security infrastructure at US borders is layered and that the critical work performed by CBP and the Department of State mitigates some of the security
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
risk However this report is not intended to be a broad overview of the entire security of our borders Rather this report specifically addresses US-VISITrsquos role in safeguarding against identity fraud By taking a greater proactive role in identifying and alerting CBP officers of potential identity fraud US-VISIT can provide valuable information to aid in securing our borders
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
Appendix A Objectives Scope and Methodology
The Department of Homeland Security (DHS) Office of Inspector General (OIG) was established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector General Act of 1978 This is one of a series of audit inspection and special reports prepared as part of our oversight responsibilities to promote economy efficiency and effectiveness within the Department
Based on preliminary findings from survey work performed at United States Citizenship and Immigration Services we initiated a review of US-VISITrsquos internal controls over biographic identities The objectives of the review were to determine whether (1) US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States and (2) indications exist that individuals sought to enter the United States using different identities
To determine whether US-VISIT has internal controls and procedures in place to identify individuals who use multiple biographic identities to attempt to enter the United States we obtained US-VISITrsquos encounter biographic and document records from IDENT for 1998 through 2011 We eliminated nonentry encounters including enforcement and data-sharing records from our analysis We identified instances where individuals may have used multiple biographic identities by comparing the names and dates of birth recorded in US-VISIT records for encounters belonging to a single fingerprint identification number In this effort we utilized the expertise of an outside contractor Eastport Analytics as well as our own analysis We followed up on the results of our analysis by interviewing US-VISIT staff and reviewing documents provided by US-VISIT
To determine whether indications exist that individuals sought to enter the United States using different identities we analyzed the results of the analysis to test whether there was evidence of use of multiple biographic identities We provided a limited set of those results to US-VISIT staff to obtain any derogatory information related to the entry encounters of those individuals Finally we reviewed encounter biographic and derogatory records related to some of those individuals We briefed US-VISIT concerning the results of fieldwork and the information summarized in this report
We conducted this performance audit between September 2011 and March 2012 pursuant to the Inspector General Act of 1978 as amended and according to generally accepted government auditing standards Those standards require that we plan and perform the audit to obtain sufficient appropriate evidence to provide a reasonable basis for our findings and conclusions based upon our audit objectives We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
the evidence obtained provides a reasonable basis for our findings and conclusions based upon our audit objectives
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
Appendix B Management Comments to the Draft Letter Report
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
Appendix C Report Distribution
Department of Homeland Security
Secretary Deputy Secretary Chief of Staff Deputy Chief of Staff General Counsel Executive Secretary Director GAOOIG Liaison Office Assistant Secretary for Office of Policy Assistant Secretary for Office of Public Affairs Assistant Secretary for Office of Legislative Affairs Under Secretary National Protection and Programs Directorate US-VISIT Audit Liaison
Office of Management and Budget
Chief Homeland Security Branch DHS OIG Budget Examiner
Congress
Senate Committee on Homeland Security and Governmental Affairs Senate Committee on Appropriations House Committee on Homeland Security Committee House Committee on Appropriations Committees
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
ADDITIONAL INFORMATION AND COPIES
To obtain additional copies of this document please call us at (202) 254-4100 fax your request to (202) 254-4305 or e-mail your request to our Office of Inspector General (OIG) Office of Public Affairs at DHS-OIGOfficePublicAffairsoigdhsgov
For additional information visit our website at wwwoigdhsgov or follow us on Twitter at dhsoig
OIG HOTLINE
To expedite the reporting of alleged fraud waste abuse or mismanagement or any other kinds of criminal or noncriminal misconduct relative to Department of Homeland Security (DHS) programs and operations please visit our website at wwwoigdhsgov and click on the red tab titled Hotline to report You will be directed to complete and submit an automated DHS OIG Investigative Referral Submission Form Submission through our website ensures that your complaint will be promptly received and reviewed by DHS OIG
Should you be unable to access our website you may submit your complaint in writing to DHS Office of Inspector General Attention Office of Investigations Hotline 245 Murray Drive SW Building 410Mail Stop 2600 Washington DC 20528 or you may call 1 (800) 323-8603 or fax it directly to us at (202) 254-4297
The OIG seeks to protect the identity of each writer and caller
